I’ve been playing guitar for about five years at this point. I started on a Squier Classic Vibe 50’s Telecaster in butterscotch blonde which you can see on the picture. Over the first two of the past five years I’ve changed all parts of it except for the body.

The next guitar was a Ray Gerold Telecaster. Its made in germany and features the Ray Gerold Bourbon DLX noiseless pickups which sound fantastic. While this guitar is a significant upgrade to my fully modified Squier, there were still some things I wanted differently.

Now in the fifth year I finally decided to build a custom Telecaster which features most of my desired features and then build the full version with every single detail. The only things missing in the current project are the Ray Gerold pickups, because they are quite expensive and the body is not a nitro finish. Also the neck is a little thinner than it should be in the final version but all that aside, here are the details for the Fiesta Red Telecaster I have just completed.

The Neck

Its a maple neck with modern c profile, a 10″ radius and 6105 fret wire. It is made by Warmoth and has a nitro vintage tint finish. It has 21 frets and the build type is vintage/modern which means it has the truss rod adjustment screw on the headstock.

The Body

The body is made by Warmoth as well. The wood is pretty light swamp ash which is painted fiesta red and otherwise just a standard tele body.

The tuners are GOTOH HAP staggered tuners although usually I go for the vintage Kluson ones. The electronics are from a kit which I bought from a german store which just contained all the parts I would’ve bought anyway. You can find the kit here. It also comes with the treble bleed mod.

Another small but important is the audio socket mount which usually is quite horrible on a telecaster. Instead I’m using these socket caps which are mounted with two screws.

Pickups

In this version I have used the DiMarzio AreaT Pickups for neck and bridge position which are noiseless and have a better reputation for sound than the fender ones. The final version of this telecaster will have the Ray Gerold Pickups.

Here is another picture of the guitar which was inspired by the Fender Custom Shop Telecaster of Greg Koch.

It is quite rare to find a Fiesta Red Telecaster with swamp ash body and a maple neck – so this is why I went full custom and built it myself.

The final guitar is really light weight and plays fantastic. I have to say the neck and body from Warmoth were superb but I wish they’d offer nitro body painting. The AreaT pickups sound very nice but I’m missing the toggle switch from the Ray Gerold ones which I still prefer sound wise but which cost almost four times more than the DiMarzios. I hope this little post inspires you to make your own custom guitar!

After working for the same company for over five years it is time to look for a new job.

At my previous job I had the chance to work on seven different projects, some of them with millions of daily active users. I was responsible of designing, implementing and operating backend systems with stability, performance and fault tolerance in mind.

Me and my colleagues were free to choose the technology stack which we thought was the best fit. We could experiment with new things on a regular basis and our technical feedback was valued input for product decisions. I guess this is what you sum up with »ownership«.

It kept the motivation and fun levels high because you wouldn’t be stuck in the same 7 year old code base of generations of start up developers who left years ago, if you know what I mean.

For my next job I’m looking for at least the same level of responsibility and ownership. After ~ 11 years of programming I feel like I’ve gathered quite a bit of experience that I would love to share to help building something new.

Now of course it isn’t particularly hard to find a job in the computer industry. My linkedin account is getting flooded with messages on a daily basis but we all know that doesn’t mean anything. I can’t be bothered with the ideas or concepts of most of these companies or startups out there. Ultimately everybody is trying to create a business but a lot of them are trying to solve problems which almost nobody is having.

If I could choose, I’d prefer to work on something meaningful. I know, we all do, right? I’ve been working in a Free2Play/Casual Gaming company for the past 5 years, so a bit more meaningful than this at least would be nice.

Basically all my jobs of my professional career as a programmer I got through friends or my own efforts, never through headhunters on linkedin and that has worked quite well for me.

This is why I’m writing this little blog post. It might just reach the right person in my expanded social bubble that I would otherwise miss.

So if you need an experienced backend developer, lead developer, consultant, technical manager, architect or CTO for a somewhat interesting project in Berlin, feel free to contact me.

CTO might be a bit much at this point to be honest but I don’t want to rule it out either if the opportunity is right.

I started watching the videos of SpectreSoundStudios recently and one of the videos was about how Glenn (the host) is achieving the great video quality of his videos. The answer is of course daylight lamps with broad spectrum or a high CRI (color render index). The professional lights that fulfill these requirements are quite expensive which is why this video caught my attention.

The surprising part to me was that he was using good old fluorescent lamps which I remembered to be horrible because of flickering and rather poor CRIs but technology has advanced and there are now non flickering high CRI fluorescent lamps which are quite affordable. I found them on amazon Germany and ordered two for 50€ each.

The Philips TL-D Graphica 950 has a CRI of 95 (100 is the max)

Here is the video:

And here are the amazon Germany (affiliate) links in case you want to shop yourself:

I’m able to write this blog post because I have just recovered my OS X login / keychain password half an hour ago. If you’re in a rush you can skip the story part and go to the guide.

My Story

I came back from a two week vacation and after 2.5 days, shortly before lunch, I couldn’t type my password anymore. I’ve been using this password for the last couple of years and entered it on average maybe 10 times per day. The visual or concrete representation I had long forgotten. I was only relying on my muscle memory and the rhythm when entering it. Now something was missing and with every failed attempt the stress level increased and I started training the wrong password.

After two days I decided to start from scratch. Clean install, reset all passwords (I still knew my email password), take care of online banking accounts, paypal, serial numbers and pass phrases for my ssh keys which were deployed on about 700 hosts (!!!) – all of which was stored in my Keychain on OS X. I still had an unencrypted backup from 6 months ago with the bulk of my old data. My online backup, which I was so proud about, was encrypted with the same forgotten password, which rendered it useless. My SSD was FileVault encrypted so the recent data was completely lost.

In parallel I started a text file and every now and then tried to tap my muscle memory for the correct password to avoid repeating the wrong one and also to see which parts of the password were the same each time.

From that I knew that the password was between 17 and 19 characters long. I was pretty confident about the first 11 and the last 2 characters which left me with 6 unknown. Luckily I could also limit the set of characters that could have appeared in that position and with healthy brute forcing effort I finally have my password back. I forgot about 2 characters.

Recovering a Forgotten Password

Step 1: Write down everything you still remember about your password

Which phrase, word or thing it was based on. Estimate how long it was. Make a couple of muscle memory attempts in a text file and try to find parts you think are correct. Try to identify the parts were you feel something is off. Were any characters doubled as in ‘aa’ or ‘pp’ or were all characters in the password unique? Did you use lower case, upper case, numbers and symbols?

Step 2: Create a Charset

Make a list of characters which were part of the password and add those characters which you would use for passwords in general. Exclude the once which you are certain that you wouldn’t use them. Put the characters in which you are unsure about. Keep that list as short as possible. Sort that character list: lowercase letters, uppercase letters, numbers, symbols

Step 3: Create a Word List

Generate permutations of your password. To do this you can download one of many tools. The one I have used is called crunch and this is how I have used it:

This is telling crunch to create password permutations which are 19 characters long, using my custom list of characters, with no duplications of lowercase letters (@), uppercase letters (,), numbers (%) and symbols (^). I also provided a pattern with all the parts of the password which I felt quite confident about and used the @ symbol at the positions I wasn’t sure. The @ symbol in the pattern is replaced with characters from the provided list of characters. Even though I knew 13 of 19 characters and I limited the character set, the resulting wordlist was still 8GB large. It grows quickly the less certain you are.

Step 4: Acquiring the Hash

Passwords are usually not stored in plain text. Otherwise the recovery process would be quite simple. In most cases they will be stored using a cryptographic hash algorithm which only allows encryption but not decryption. When trying to bruteforce a password you need to know which algorithm was used and then use the same algorithm for your variations of the password. The process is successful if the same hash is found. Now in my case I wanted to unlock the OS X login keychain to get access to my passwords, serial numbers etc. To do that I needed to extract the password hash from the file. Luckily, JohnTheRipper, the tool which I used for the bruteforcing, came with a keychain2john converter tool.

Many other files can be handled directly. Google what you need to do for your use case. I’d guess that many other people had the same problem as you.

Step 5: Brute Force Time

The most popular tools are JohnTheRipper and hashcat. Look them up and read what they can and can’t do. Read the documentation to find which options suit your scenario. Mine looked looked like this:

./john --wordlist=wordlist_19.txt ~/keychain/converted_keychain

There are many more options available but my work was mostly in crafting the wordlist so JohnTheRipper was just needed to efficiently go through it. There is an option to use multiple process forks but my wordlist was to large for that option so I let it run on just one core at about 10k passwords per second. If that would have failed I would have used hashcat on a machine with plenty of GPU power but luckily I didn’t have to go that far.

After 6 hours, half way through the wordlist, my password was found. My muscle memory forgot about 2 characters!

Final Advice

The shorter you can make the wordlist the better. If you know something about the order try using this to compile a shorter list. A colleague of mine wrote a quick and dirty program in Go to do that. Basically for each position in the password you can provide a list of characters that are likely to appear there. This way you can define an order and a character set and keep the wordlist short.

Print out those recovery keys

Have a local unencrypted backup if your individual paranoia level allows it